similar to: CVE-2006-0225

On 03/12/2016 12:08, Jeremiah C. Foster wrote: > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we have a bug in dovecot, which > merits a > CVE. See details below. If you haven't configured any > auth_policy_* > settings you are ok. This

On 02.12.2016 10:45, Jonas Wielicki wrote: > On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: >> We are sorry to report that we have a bug in dovecot, which merits a >> CVE. See details below. If you haven't configured any auth_policy_* >> settings you are ok. This is fixed with >> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13

> On December 3, 2016 at 9:11 PM "Jeremiah C. Foster" <jeremiah at jeremiahfoster.com> wrote: > > > On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2.

Hi, Just want to ask about the status of this:- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0002 >From list archives I gather the fix is still under refinement (but committed (and removed?) in HEAD and RELENG_5_2). One paranoid little shop is running a public web server on RELENG_4_9, and contemplating this patch:-

Is the use of "0i" a typo in main() from ssh-add.c: struct dest_constraint **dest_constraints = NULL; size_t ndest_constraints = 0i, ncerts = 0; -- albert chin (china at thewrittenword.com)

We have OpenSSH built against a static version of the OpenSSL library. Do the recent OpenSSL vulnerabilities necessitate a rebuild of OpenSSH? http://www.openssl.org/news/secadv_20030930.txt >From the description of the four bugs, I'm inclined to think not. -- albert chin (china at thewrittenword.com)

hi all, i haven't seen any discussion here of this issue, nor do i see any obviously related (open) bugs in bugzilla. It's not clear to me from the CVE how important this issue is or isn't, but i'm a bit concerned. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4091 thanks as always to wayne & the other contributors

We are sorry to report that we have a bug in dovecot, which merits a CVE. See details below. If you haven't configured any auth_policy_* settings you are ok. This is fixed with https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae and https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d57351fd42c67a8612fc Important vulnerability in Dovecot

Tru64 UNIX has getaddrinfo but not by that name. Including <netdb.h> #defines getaddrinfo to ogetaddrinfo or ngetaddrinfo which exists in /usr/shlib/libc.so. So, AC_CHECK_FUNC(getaddrinfo) isn't enough to test for getaddrinfo. Best to AC_TRY_LINK so the #define takes effect. -- albert chin (china@thewrittenword.com) -- snip snip --- configure.in.orig Thu Jan 3 19:03:54 2002 +++

library() takes lib.loc as the third argument. Where is this set? I am modifying the default library search path and everything seems to be ok except for this (I want R_HOME/lib/library rather than R_HOME/library). -- albert chin (china at thewrittenword.com) -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.- r-help mailing list -- Read

Hi folks. We were made aware of a MITRE CVE assignment on OpenSSH for a remote DoS in sftp, described as: The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via

Hi-- Are folks familiar with: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997 http://www.isc.org/software/dhcp/advisories/cve-2011-0997 http://nakedsecurity.sophos.com/2011/04/07/flaw-in-iscs-dhclient-could-allow-remote-code-execution/ Checking http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/dhclient/dhclient.c, I don't see signs that it may have been updated. But, I also

Hi, First look this vulnerability issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3933 My application models: http://pastie.org/1709174 On my departments form, when user selects a health unit, I copy all health unit attributes including address and street. The parameters hash looks like this: http://pastie.org/1709217 But this was considered a vunerability issue, the

Anyone having good results with 4-STABLE and the 3Ware 9000 series controllers? -- albert chin (china@thewrittenword.com)

A trailing comma in an enum generates an error with the IBM C compiler, xlc, on AIX 4.3.2: $ gmake ... xlc -O2 -qmaxmem=-1 -qarch=com -I/opt/TWWfsw/tcpwrap/include -I. -I. -I/opt/TWWfsw/libopenssl09s/include -I/opt/TWWfsw/zlib11s/include -DSSHDIR=\"/etc/opt/TWWfsw/openssh323\" -D_PATH_SSH_PROGRAM=\"/opt/TWWfsw/openssh323/bin/ssh\"

Latest CVS gives the following error with the Compaq C compiler on Tru64 UNIX: cc -I. -I. -O2 -std1 -DHAVE_CONFIG_H -I./popt -c batch.c -o batch.o cc: Error: batch.c, line 408: In this statement, a common type could not be determined for the 2nd and 3rd operands ("&s->count" and "&int_zero") of a conditional operator. (badcondit)

I am testing out a new server with RHEL6 running KVM. We have a few NICs on the server, one of which we would like to dedicate to network traffic to/from the virtual guests. Is it possible to do this without assigning an IP address to the NIC? We're currently doing something like this with Vmware Server, HP's HPVM for HP-UX/IA, and IBM's PowerVM for AIX. -- albert chin (china at

1. Need a prototype for get_canonical_hostname(). 2. -I.. is used to build port-aix.c so why not just #include <xmalloc.h> rather than <../xmalloc.h>? -- albert chin (china at thewrittenword.com) -- snip snip --- openbsd-compat/port-aix.c.orig Tue Sep 16 10:07:47 2003 +++ openbsd-compat/port-aix.c Tue Sep 16 10:08:09 2003 @@ -27,11 +27,12 @@ #include "ssh.h" #include

We're configuring Windows Server 2003 against Samba with an LDAP backend. Things are mostly working. On the UNIX end, all users have, as their primary group, a groupname matching their login id. So, username "china" has groupname "china" as the primary group. I tried creating a local user on the Windows Server 2003 box and a groupname equivalent to the username but it

The IBM C compiler on AIX doesn't like a trailing comma after the last enum constant. -- albert chin (china@thewrittenword.com) -- snip snip --- rsync.h.orig 2004-05-01 16:52:14.000000000 -0500 +++ rsync.h 2004-05-01 16:52:18.000000000 -0500 @@ -123,7 +123,7 @@ MSG_DATA=0, /* raw data on the multiplexed stream */ MSG_ERROR=FERROR, MSG_INFO=FINFO, MSG_LOG=FLOG, /* remote logging */